2019-12-16 16:22:09 +01:00
|
|
|
// Copyright (c) Mainflux
|
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
|
|
package grpc_test
|
|
|
|
|
|
|
|
|
|
import (
|
2020-07-13 15:24:55 +02:00
|
|
|
"context"
|
2019-12-16 16:22:09 +01:00
|
|
|
"fmt"
|
|
|
|
|
"net"
|
|
|
|
|
"testing"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/mainflux/mainflux"
|
2020-12-29 23:02:35 +01:00
|
|
|
"github.com/mainflux/mainflux/auth"
|
|
|
|
|
grpcapi "github.com/mainflux/mainflux/auth/api/grpc"
|
|
|
|
|
"github.com/mainflux/mainflux/auth/jwt"
|
|
|
|
|
"github.com/mainflux/mainflux/auth/mocks"
|
2020-06-03 18:49:44 +02:00
|
|
|
"github.com/mainflux/mainflux/pkg/uuid"
|
2019-12-16 16:22:09 +01:00
|
|
|
"github.com/opentracing/opentracing-go/mocktracer"
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2023-04-12 08:30:01 -07:00
|
|
|
"github.com/stretchr/testify/require"
|
2019-12-16 16:22:09 +01:00
|
|
|
"google.golang.org/grpc"
|
|
|
|
|
"google.golang.org/grpc/codes"
|
2023-04-12 08:30:01 -07:00
|
|
|
"google.golang.org/grpc/credentials/insecure"
|
2019-12-16 16:22:09 +01:00
|
|
|
"google.golang.org/grpc/status"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
2023-03-23 23:55:11 +03:00
|
|
|
port = 7001
|
2021-03-04 10:29:03 +01:00
|
|
|
secret = "secret"
|
|
|
|
|
email = "test@example.com"
|
|
|
|
|
id = "testID"
|
|
|
|
|
thingsType = "things"
|
|
|
|
|
usersType = "users"
|
|
|
|
|
description = "Description"
|
|
|
|
|
|
|
|
|
|
numOfThings = 5
|
|
|
|
|
numOfUsers = 5
|
2021-10-27 00:38:28 +02:00
|
|
|
|
|
|
|
|
authoritiesObj = "authorities"
|
|
|
|
|
memberRelation = "member"
|
2022-01-25 21:42:41 +03:00
|
|
|
loginDuration = 30 * time.Minute
|
2019-12-16 16:22:09 +01:00
|
|
|
)
|
|
|
|
|
|
2020-12-29 23:02:35 +01:00
|
|
|
var svc auth.Service
|
2019-12-16 16:22:09 +01:00
|
|
|
|
2020-12-29 23:02:35 +01:00
|
|
|
func newService() auth.Service {
|
2019-12-16 16:22:09 +01:00
|
|
|
repo := mocks.NewKeyRepository()
|
2020-12-29 23:02:35 +01:00
|
|
|
groupRepo := mocks.NewGroupRepository()
|
2021-01-17 23:12:45 +01:00
|
|
|
idProvider := uuid.NewMock()
|
2021-10-27 00:38:28 +02:00
|
|
|
|
|
|
|
|
mockAuthzDB := map[string][]mocks.MockSubjectSet{}
|
|
|
|
|
mockAuthzDB[id] = append(mockAuthzDB[id], mocks.MockSubjectSet{Object: authoritiesObj, Relation: memberRelation})
|
|
|
|
|
ketoMock := mocks.NewKetoMock(mockAuthzDB)
|
|
|
|
|
|
2019-12-16 16:22:09 +01:00
|
|
|
t := jwt.New(secret)
|
|
|
|
|
|
2022-01-25 21:42:41 +03:00
|
|
|
return auth.New(repo, groupRepo, idProvider, t, ketoMock, loginDuration)
|
2019-12-16 16:22:09 +01:00
|
|
|
}
|
|
|
|
|
|
2020-12-29 23:02:35 +01:00
|
|
|
func startGRPCServer(svc auth.Service, port int) {
|
2019-12-16 16:22:09 +01:00
|
|
|
listener, _ := net.Listen("tcp", fmt.Sprintf(":%d", port))
|
|
|
|
|
server := grpc.NewServer()
|
2020-12-29 23:02:35 +01:00
|
|
|
mainflux.RegisterAuthServiceServer(server, grpcapi.NewServer(mocktracer.New(), svc))
|
2019-12-16 16:22:09 +01:00
|
|
|
go server.Serve(listener)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestIssue(t *testing.T) {
|
|
|
|
|
authAddr := fmt.Sprintf("localhost:%d", port)
|
2023-04-12 08:30:01 -07:00
|
|
|
conn, _ := grpc.Dial(authAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
|
2019-12-16 16:22:09 +01:00
|
|
|
client := grpcapi.NewClient(mocktracer.New(), conn, time.Second)
|
|
|
|
|
|
2020-01-16 18:43:06 +01:00
|
|
|
cases := []struct {
|
2020-10-27 19:42:53 +01:00
|
|
|
desc string
|
|
|
|
|
id string
|
|
|
|
|
email string
|
|
|
|
|
kind uint32
|
|
|
|
|
err error
|
|
|
|
|
code codes.Code
|
2019-12-16 16:22:09 +01:00
|
|
|
}{
|
2020-01-16 18:43:06 +01:00
|
|
|
{
|
2020-10-27 19:42:53 +01:00
|
|
|
desc: "issue for user with valid token",
|
2020-10-27 20:08:16 +01:00
|
|
|
id: id,
|
2020-10-27 19:42:53 +01:00
|
|
|
email: email,
|
2021-12-24 14:53:06 +01:00
|
|
|
kind: auth.LoginKey,
|
2020-10-27 19:42:53 +01:00
|
|
|
err: nil,
|
|
|
|
|
code: codes.OK,
|
2020-01-16 18:43:06 +01:00
|
|
|
},
|
|
|
|
|
{
|
2020-10-27 19:42:53 +01:00
|
|
|
desc: "issue recovery key",
|
2020-10-27 20:08:16 +01:00
|
|
|
id: id,
|
2020-10-27 19:42:53 +01:00
|
|
|
email: email,
|
2020-12-29 23:02:35 +01:00
|
|
|
kind: auth.RecoveryKey,
|
2020-10-27 19:42:53 +01:00
|
|
|
err: nil,
|
|
|
|
|
code: codes.OK,
|
2020-01-16 18:43:06 +01:00
|
|
|
},
|
|
|
|
|
{
|
2020-10-27 19:42:53 +01:00
|
|
|
desc: "issue API key unauthenticated",
|
2020-10-27 20:08:16 +01:00
|
|
|
id: id,
|
2020-10-27 19:42:53 +01:00
|
|
|
email: email,
|
2020-12-29 23:02:35 +01:00
|
|
|
kind: auth.APIKey,
|
2020-10-27 19:42:53 +01:00
|
|
|
err: nil,
|
|
|
|
|
code: codes.Unauthenticated,
|
2020-01-16 18:43:06 +01:00
|
|
|
},
|
|
|
|
|
{
|
2020-10-27 19:42:53 +01:00
|
|
|
desc: "issue for invalid key type",
|
2020-10-27 20:08:16 +01:00
|
|
|
id: id,
|
2020-10-27 19:42:53 +01:00
|
|
|
email: email,
|
|
|
|
|
kind: 32,
|
|
|
|
|
err: status.Error(codes.InvalidArgument, "received invalid token request"),
|
|
|
|
|
code: codes.InvalidArgument,
|
2020-01-16 18:43:06 +01:00
|
|
|
},
|
|
|
|
|
{
|
2022-02-01 17:33:23 +01:00
|
|
|
desc: "issue for user that exist",
|
|
|
|
|
id: "",
|
|
|
|
|
email: "",
|
|
|
|
|
kind: auth.APIKey,
|
|
|
|
|
err: status.Error(codes.Unauthenticated, "unauthenticated access"),
|
|
|
|
|
code: codes.Unauthenticated,
|
2020-01-16 18:43:06 +01:00
|
|
|
},
|
2019-12-16 16:22:09 +01:00
|
|
|
}
|
|
|
|
|
|
2020-01-16 18:43:06 +01:00
|
|
|
for _, tc := range cases {
|
2020-10-27 19:42:53 +01:00
|
|
|
_, err := client.Issue(context.Background(), &mainflux.IssueReq{Id: tc.id, Email: tc.email, Type: tc.kind})
|
2020-04-10 17:43:42 +02:00
|
|
|
e, ok := status.FromError(err)
|
|
|
|
|
assert.True(t, ok, "gRPC status can't be extracted from the error")
|
|
|
|
|
assert.Equal(t, tc.code, e.Code(), fmt.Sprintf("%s: expected %s got %s", tc.desc, tc.code, e.Code()))
|
2019-12-16 16:22:09 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestIdentify(t *testing.T) {
|
2021-12-24 14:53:06 +01:00
|
|
|
_, loginSecret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.LoginKey, IssuedAt: time.Now(), IssuerID: id, Subject: email})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Issuing user key expected to succeed: %s", err))
|
2019-12-16 16:22:09 +01:00
|
|
|
|
2020-12-29 23:02:35 +01:00
|
|
|
_, recoverySecret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.RecoveryKey, IssuedAt: time.Now(), IssuerID: id, Subject: email})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Issuing recovery key expected to succeed: %s", err))
|
2019-12-16 16:22:09 +01:00
|
|
|
|
2020-12-29 23:02:35 +01:00
|
|
|
_, apiSecret, err := svc.Issue(context.Background(), loginSecret, auth.Key{Type: auth.APIKey, IssuedAt: time.Now(), ExpiresAt: time.Now().Add(time.Minute), IssuerID: id, Subject: email})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Issuing API key expected to succeed: %s", err))
|
2019-12-16 16:22:09 +01:00
|
|
|
|
|
|
|
|
authAddr := fmt.Sprintf("localhost:%d", port)
|
2023-04-12 08:30:01 -07:00
|
|
|
conn, _ := grpc.Dial(authAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
|
2019-12-16 16:22:09 +01:00
|
|
|
client := grpcapi.NewClient(mocktracer.New(), conn, time.Second)
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
token string
|
2023-02-02 20:28:32 +03:00
|
|
|
idt *mainflux.UserIdentity
|
2019-12-16 16:22:09 +01:00
|
|
|
err error
|
2020-04-10 17:43:42 +02:00
|
|
|
code codes.Code
|
2019-12-16 16:22:09 +01:00
|
|
|
}{
|
2020-10-27 19:42:53 +01:00
|
|
|
{
|
|
|
|
|
desc: "identify user with user token",
|
|
|
|
|
token: loginSecret,
|
2023-02-02 20:28:32 +03:00
|
|
|
idt: &mainflux.UserIdentity{Email: email, Id: id},
|
2020-10-27 19:42:53 +01:00
|
|
|
err: nil,
|
|
|
|
|
code: codes.OK,
|
|
|
|
|
},
|
2019-12-16 16:22:09 +01:00
|
|
|
{
|
2020-01-16 18:43:06 +01:00
|
|
|
desc: "identify user with recovery token",
|
2020-10-27 19:42:53 +01:00
|
|
|
token: recoverySecret,
|
2023-02-02 20:28:32 +03:00
|
|
|
idt: &mainflux.UserIdentity{Email: email, Id: id},
|
2019-12-16 16:22:09 +01:00
|
|
|
err: nil,
|
2020-04-10 17:43:42 +02:00
|
|
|
code: codes.OK,
|
2019-12-16 16:22:09 +01:00
|
|
|
},
|
|
|
|
|
{
|
2020-01-16 18:43:06 +01:00
|
|
|
desc: "identify user with API token",
|
2020-10-27 19:42:53 +01:00
|
|
|
token: apiSecret,
|
2023-02-02 20:28:32 +03:00
|
|
|
idt: &mainflux.UserIdentity{Email: email, Id: id},
|
2019-12-16 16:22:09 +01:00
|
|
|
err: nil,
|
2020-04-10 17:43:42 +02:00
|
|
|
code: codes.OK,
|
2019-12-16 16:22:09 +01:00
|
|
|
},
|
|
|
|
|
{
|
2020-01-16 18:43:06 +01:00
|
|
|
desc: "identify user with invalid user token",
|
2019-12-16 16:22:09 +01:00
|
|
|
token: "invalid",
|
2023-02-02 20:28:32 +03:00
|
|
|
idt: &mainflux.UserIdentity{},
|
2022-02-01 17:33:23 +01:00
|
|
|
err: status.Error(codes.Unauthenticated, "unauthenticated access"),
|
2020-04-10 17:43:42 +02:00
|
|
|
code: codes.Unauthenticated,
|
2019-12-16 16:22:09 +01:00
|
|
|
},
|
|
|
|
|
{
|
2022-03-03 17:13:46 +01:00
|
|
|
desc: "identify user with empty token",
|
2019-12-16 16:22:09 +01:00
|
|
|
token: "",
|
2023-02-02 20:28:32 +03:00
|
|
|
idt: &mainflux.UserIdentity{},
|
2019-12-16 16:22:09 +01:00
|
|
|
err: status.Error(codes.InvalidArgument, "received invalid token request"),
|
2022-03-03 17:13:46 +01:00
|
|
|
code: codes.Unauthenticated,
|
2019-12-16 16:22:09 +01:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
2020-10-27 19:42:53 +01:00
|
|
|
idt, err := client.Identify(context.Background(), &mainflux.Token{Value: tc.token})
|
|
|
|
|
if idt != nil {
|
2023-02-02 20:28:32 +03:00
|
|
|
assert.Equal(t, tc.idt, idt, fmt.Sprintf("%s: expected %v got %v", tc.desc, tc.idt, idt))
|
2020-10-27 19:42:53 +01:00
|
|
|
}
|
2020-04-10 17:43:42 +02:00
|
|
|
e, ok := status.FromError(err)
|
|
|
|
|
assert.True(t, ok, "gRPC status can't be extracted from the error")
|
|
|
|
|
assert.Equal(t, tc.code, e.Code(), fmt.Sprintf("%s: expected %s got %s", tc.desc, tc.code, e.Code()))
|
2019-12-16 16:22:09 +01:00
|
|
|
}
|
|
|
|
|
}
|
2021-03-04 10:29:03 +01:00
|
|
|
|
2021-10-27 00:38:28 +02:00
|
|
|
func TestAuthorize(t *testing.T) {
|
2021-12-24 14:53:06 +01:00
|
|
|
_, loginSecret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.LoginKey, IssuedAt: time.Now(), IssuerID: id, Subject: email})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Issuing user key expected to succeed: %s", err))
|
2021-10-27 00:38:28 +02:00
|
|
|
|
|
|
|
|
authAddr := fmt.Sprintf("localhost:%d", port)
|
2023-04-12 08:30:01 -07:00
|
|
|
conn, _ := grpc.Dial(authAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
|
2021-10-27 00:38:28 +02:00
|
|
|
client := grpcapi.NewClient(mocktracer.New(), conn, time.Second)
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
token string
|
|
|
|
|
subject string
|
|
|
|
|
object string
|
|
|
|
|
relation string
|
2023-02-02 20:28:32 +03:00
|
|
|
ar *mainflux.AuthorizeRes
|
2021-10-27 00:38:28 +02:00
|
|
|
err error
|
|
|
|
|
code codes.Code
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "authorize user with authorized token",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: id,
|
|
|
|
|
object: authoritiesObj,
|
|
|
|
|
relation: memberRelation,
|
2023-02-02 20:28:32 +03:00
|
|
|
ar: &mainflux.AuthorizeRes{Authorized: true},
|
2021-10-27 00:38:28 +02:00
|
|
|
err: nil,
|
|
|
|
|
code: codes.OK,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "authorize user with unauthorized relation",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: id,
|
|
|
|
|
object: authoritiesObj,
|
|
|
|
|
relation: "unauthorizedRelation",
|
2023-02-02 20:28:32 +03:00
|
|
|
ar: &mainflux.AuthorizeRes{Authorized: false},
|
2021-10-27 00:38:28 +02:00
|
|
|
err: nil,
|
2022-02-01 17:33:23 +01:00
|
|
|
code: codes.PermissionDenied,
|
2021-10-27 00:38:28 +02:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "authorize user with unauthorized object",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: id,
|
|
|
|
|
object: "unauthorizedobject",
|
|
|
|
|
relation: memberRelation,
|
2023-02-02 20:28:32 +03:00
|
|
|
ar: &mainflux.AuthorizeRes{Authorized: false},
|
2021-10-27 00:38:28 +02:00
|
|
|
err: nil,
|
2022-02-01 17:33:23 +01:00
|
|
|
code: codes.PermissionDenied,
|
2021-10-27 00:38:28 +02:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "authorize user with unauthorized subject",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: "unauthorizedSubject",
|
|
|
|
|
object: authoritiesObj,
|
|
|
|
|
relation: memberRelation,
|
2023-02-02 20:28:32 +03:00
|
|
|
ar: &mainflux.AuthorizeRes{Authorized: false},
|
2021-10-27 00:38:28 +02:00
|
|
|
err: nil,
|
2022-02-01 17:33:23 +01:00
|
|
|
code: codes.PermissionDenied,
|
2021-10-27 00:38:28 +02:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "authorize user with invalid ACL",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: "",
|
|
|
|
|
object: "",
|
|
|
|
|
relation: "",
|
2023-02-02 20:28:32 +03:00
|
|
|
ar: &mainflux.AuthorizeRes{Authorized: false},
|
2021-10-27 00:38:28 +02:00
|
|
|
err: nil,
|
|
|
|
|
code: codes.InvalidArgument,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
ar, err := client.Authorize(context.Background(), &mainflux.AuthorizeReq{Sub: tc.subject, Obj: tc.object, Act: tc.relation})
|
|
|
|
|
if ar != nil {
|
2023-02-02 20:28:32 +03:00
|
|
|
assert.Equal(t, tc.ar, ar, fmt.Sprintf("%s: expected %v got %v", tc.desc, tc.ar, ar))
|
2021-10-27 00:38:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
e, ok := status.FromError(err)
|
|
|
|
|
assert.True(t, ok, "gRPC status can't be extracted from the error")
|
|
|
|
|
assert.Equal(t, tc.code, e.Code(), fmt.Sprintf("%s: expected %s got %s", tc.desc, tc.code, e.Code()))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestAddPolicy(t *testing.T) {
|
2021-12-24 14:53:06 +01:00
|
|
|
_, loginSecret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.LoginKey, IssuedAt: time.Now(), IssuerID: id, Subject: email})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Issuing user key expected to succeed: %s", err))
|
2021-10-27 00:38:28 +02:00
|
|
|
|
|
|
|
|
authAddr := fmt.Sprintf("localhost:%d", port)
|
2023-04-12 08:30:01 -07:00
|
|
|
conn, _ := grpc.Dial(authAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
|
2021-10-27 00:38:28 +02:00
|
|
|
client := grpcapi.NewClient(mocktracer.New(), conn, time.Second)
|
|
|
|
|
|
|
|
|
|
groupAdminObj := "groupadmin"
|
|
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
token string
|
|
|
|
|
subject string
|
|
|
|
|
object string
|
|
|
|
|
relation string
|
2023-02-02 20:28:32 +03:00
|
|
|
ar *mainflux.AddPolicyRes
|
2021-10-27 00:38:28 +02:00
|
|
|
err error
|
|
|
|
|
code codes.Code
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "add groupadmin policy to user",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: id,
|
|
|
|
|
object: groupAdminObj,
|
|
|
|
|
relation: memberRelation,
|
2023-02-02 20:28:32 +03:00
|
|
|
ar: &mainflux.AddPolicyRes{Authorized: true},
|
2021-10-27 00:38:28 +02:00
|
|
|
err: nil,
|
|
|
|
|
code: codes.OK,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "add policy to user with invalid ACL",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: "",
|
|
|
|
|
object: "",
|
|
|
|
|
relation: "",
|
2023-02-02 20:28:32 +03:00
|
|
|
ar: &mainflux.AddPolicyRes{Authorized: false},
|
2021-10-27 00:38:28 +02:00
|
|
|
err: nil,
|
|
|
|
|
code: codes.InvalidArgument,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
apr, err := client.AddPolicy(context.Background(), &mainflux.AddPolicyReq{Sub: tc.subject, Obj: tc.object, Act: tc.relation})
|
|
|
|
|
if apr != nil {
|
2023-02-02 20:28:32 +03:00
|
|
|
assert.Equal(t, tc.ar, apr, fmt.Sprintf("%s: expected %v got %v", tc.desc, tc.ar, apr))
|
2021-10-27 00:38:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
e, ok := status.FromError(err)
|
|
|
|
|
assert.True(t, ok, "gRPC status can't be extracted from the error")
|
|
|
|
|
assert.Equal(t, tc.code, e.Code(), fmt.Sprintf("%s: expected %s got %s", tc.desc, tc.code, e.Code()))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestDeletePolicy(t *testing.T) {
|
2021-12-24 14:53:06 +01:00
|
|
|
_, loginSecret, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.LoginKey, IssuedAt: time.Now(), IssuerID: id, Subject: email})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Issuing user key expected to succeed: %s", err))
|
2021-10-27 00:38:28 +02:00
|
|
|
|
|
|
|
|
authAddr := fmt.Sprintf("localhost:%d", port)
|
2023-04-12 08:30:01 -07:00
|
|
|
conn, _ := grpc.Dial(authAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
|
2021-10-27 00:38:28 +02:00
|
|
|
client := grpcapi.NewClient(mocktracer.New(), conn, time.Second)
|
|
|
|
|
|
|
|
|
|
readRelation := "read"
|
|
|
|
|
thingID := "thing"
|
|
|
|
|
|
|
|
|
|
apr, err := client.AddPolicy(context.Background(), &mainflux.AddPolicyReq{Sub: id, Obj: thingID, Act: readRelation})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Adding read policy to user expected to succeed: %s", err))
|
|
|
|
|
require.True(t, apr.GetAuthorized(), fmt.Sprintf("Adding read policy expected to make user authorized, expected %v got %v", true, apr.GetAuthorized()))
|
2021-10-27 00:38:28 +02:00
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
token string
|
|
|
|
|
subject string
|
|
|
|
|
object string
|
|
|
|
|
relation string
|
|
|
|
|
dpr *mainflux.DeletePolicyRes
|
|
|
|
|
code codes.Code
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "delete valid policy",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: id,
|
|
|
|
|
object: thingID,
|
|
|
|
|
relation: readRelation,
|
|
|
|
|
dpr: &mainflux.DeletePolicyRes{Deleted: true},
|
|
|
|
|
code: codes.OK,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "delete invalid policy",
|
|
|
|
|
token: loginSecret,
|
|
|
|
|
subject: "",
|
|
|
|
|
object: "",
|
|
|
|
|
relation: "",
|
|
|
|
|
dpr: &mainflux.DeletePolicyRes{Deleted: false},
|
|
|
|
|
code: codes.InvalidArgument,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
dpr, err := client.DeletePolicy(context.Background(), &mainflux.DeletePolicyReq{Sub: tc.subject, Obj: tc.object, Act: tc.relation})
|
|
|
|
|
e, ok := status.FromError(err)
|
|
|
|
|
assert.True(t, ok, "gRPC status can't be extracted from the error")
|
|
|
|
|
assert.Equal(t, tc.code, e.Code(), fmt.Sprintf("%s: expected %s got %s", tc.desc, tc.code, e.Code()))
|
|
|
|
|
assert.Equal(t, tc.dpr.GetDeleted(), dpr.GetDeleted(), fmt.Sprintf("%s: expected %v got %v", tc.desc, tc.dpr.GetDeleted(), dpr.GetDeleted()))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-04 10:29:03 +01:00
|
|
|
func TestMembers(t *testing.T) {
|
2021-12-24 14:53:06 +01:00
|
|
|
_, token, err := svc.Issue(context.Background(), "", auth.Key{Type: auth.LoginKey, IssuedAt: time.Now(), IssuerID: id, Subject: email})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Issuing user key expected to succeed: %s", err))
|
2021-03-04 10:29:03 +01:00
|
|
|
|
|
|
|
|
group := auth.Group{
|
|
|
|
|
Name: "Mainflux",
|
|
|
|
|
Description: description,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var things []string
|
|
|
|
|
for i := 0; i < numOfThings; i++ {
|
2021-10-27 00:38:28 +02:00
|
|
|
thID, err := uuid.New().ID()
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Generate thing id expected to succeed: %s", err))
|
2021-03-04 10:29:03 +01:00
|
|
|
|
2021-10-27 00:38:28 +02:00
|
|
|
err = svc.AddPolicy(context.Background(), auth.PolicyReq{Subject: id, Object: thID, Relation: "owner"})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Adding a policy expected to succeed: %s", err))
|
2021-10-27 00:38:28 +02:00
|
|
|
|
|
|
|
|
things = append(things, thID)
|
2021-03-04 10:29:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var users []string
|
|
|
|
|
for i := 0; i < numOfUsers; i++ {
|
|
|
|
|
id, err := uuid.New().ID()
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Generate thing id expected to succeed: %s", err))
|
2021-03-04 10:29:03 +01:00
|
|
|
|
|
|
|
|
users = append(users, id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
group, err = svc.CreateGroup(context.Background(), token, group)
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Creating group expected to succeed: %s", err))
|
2021-10-27 00:38:28 +02:00
|
|
|
err = svc.AddPolicy(context.Background(), auth.PolicyReq{Subject: id, Object: group.ID, Relation: "groupadmin"})
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Adding a policy expected to succeed: %s", err))
|
2021-03-04 10:29:03 +01:00
|
|
|
|
|
|
|
|
err = svc.Assign(context.Background(), token, group.ID, thingsType, things...)
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Assign members to expected to succeed: %s", err))
|
2021-03-04 10:29:03 +01:00
|
|
|
|
|
|
|
|
err = svc.Assign(context.Background(), token, group.ID, usersType, users...)
|
2023-04-12 08:30:01 -07:00
|
|
|
require.Nil(t, err, fmt.Sprintf("Assign members to group expected to succeed: %s", err))
|
2021-03-04 10:29:03 +01:00
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
token string
|
|
|
|
|
groupID string
|
|
|
|
|
groupType string
|
|
|
|
|
size int
|
|
|
|
|
err error
|
|
|
|
|
code codes.Code
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "get all things with user token",
|
|
|
|
|
groupID: group.ID,
|
|
|
|
|
token: token,
|
|
|
|
|
groupType: thingsType,
|
|
|
|
|
size: numOfThings,
|
|
|
|
|
err: nil,
|
|
|
|
|
code: codes.OK,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "get all users with user token",
|
|
|
|
|
groupID: group.ID,
|
|
|
|
|
token: token,
|
|
|
|
|
groupType: usersType,
|
|
|
|
|
size: numOfUsers,
|
|
|
|
|
err: nil,
|
|
|
|
|
code: codes.OK,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
authAddr := fmt.Sprintf("localhost:%d", port)
|
2023-04-12 08:30:01 -07:00
|
|
|
conn, _ := grpc.Dial(authAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
|
2021-03-04 10:29:03 +01:00
|
|
|
client := grpcapi.NewClient(mocktracer.New(), conn, time.Second)
|
|
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
|
m, err := client.Members(context.Background(), &mainflux.MembersReq{Token: tc.token, GroupID: tc.groupID, Type: tc.groupType, Offset: 0, Limit: 10})
|
|
|
|
|
e, ok := status.FromError(err)
|
|
|
|
|
assert.Equal(t, tc.size, len(m.Members), fmt.Sprintf("%s: expected %d got %d", tc.desc, tc.size, len(m.Members)))
|
|
|
|
|
assert.Equal(t, tc.code, e.Code(), fmt.Sprintf("%s: expected %s got %s", tc.desc, tc.code, e.Code()))
|
|
|
|
|
assert.True(t, ok, "OK expected to be true")
|
|
|
|
|
}
|
|
|
|
|
}
|
